consul/.github/workflows/reusable-unit.yml
Dan Stough 94791f76b5
build: update gha to latest approved tsccr (#21061)
* build: update gha to latest approved tsccr

* chore: update hashicorp gha versions

* fix: update upload artifact workload to have unique ids
2024-05-14 15:49:03 -04:00

154 lines
5.7 KiB
YAML

name: reusable-unit
on:
workflow_call:
inputs:
directory:
required: true
type: string
runs-on:
description: An expression indicating which kind of runners to use.
required: true
type: string
go-arch:
required: false
type: string
default: ""
uploaded-binary-name:
required: false
type: string
default: "consul-bin"
package-names-command:
required: false
type: string
default: 'go list -tags "$GOTAGS" ./...'
go-test-flags:
required: false
type: string
default: ""
repository-name:
required: true
type: string
go-tags:
required: false
type: string
default: ""
go-version:
required: true
type: string
secrets:
elevated-github-token:
required: true
consul-license:
required: true
datadog-api-key:
required: true
env:
TEST_RESULTS: /tmp/test-results
GOTESTSUM_VERSION: "1.11.0"
GOARCH: ${{inputs.go-arch}}
CONSUL_LICENSE: ${{secrets.consul-license}}
GOTAGS: ${{ inputs.go-tags}}
GOPRIVATE: github.com/hashicorp # Required for enterprise deps
DATADOG_API_KEY: ${{secrets.datadog-api-key}}
jobs:
go-test:
runs-on: ${{ fromJSON(inputs.runs-on) }}
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
- name: Setup Git
if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com"
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: ${{ inputs.go-version }}
- run: mkdir -p ${{env.TEST_RESULTS}}
- name: go mod download
working-directory: ${{inputs.directory}}
run: go mod download
- name: Download consul
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: ${{inputs.uploaded-binary-name}}
path: ${{inputs.directory}}
- name: Display downloaded file
run: ls -ld consul
working-directory: ${{inputs.directory}}
- run: echo "$GITHUB_WORKSPACE/${{inputs.directory}}" >> $GITHUB_PATH
- name: Make sure consul is executable
run: chmod +x $GITHUB_WORKSPACE/${{inputs.directory}}/consul
- run: go env
- name: Run tests
working-directory: ${{inputs.directory}}
run: |
PACKAGE_NAMES=$(${{inputs.package-names-command}})
# some tests expect this umask, and arm images have a different default
umask 0022
go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
--format=github-actions \
--jsonfile /tmp/jsonfile/go-test.log \
--rerun-fails \
--rerun-fails-report=/tmp/gotestsum-rerun-fails \
--packages="$PACKAGE_NAMES" \
--junitfile ${{env.TEST_RESULTS}}/gotestsum-report.xml -- \
-tags="${{env.GOTAGS}}" \
${{inputs.go-test-flags}} \
-cover -coverprofile=coverage.txt \
-timeout=30m
# NOTE: ENT specific step as we store secrets in Vault.
- name: Authenticate to Vault
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
id: vault-auth
run: vault-auth
# NOTE: ENT specific step as we store secrets in Vault.
- name: Fetch Secrets
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
id: secrets
uses: hashicorp/vault-action@v3
with:
url: ${{ steps.vault-auth.outputs.addr }}
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
token: ${{ steps.vault-auth.outputs.token }}
secrets: |
kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
- name: prepare datadog-ci
if: ${{ !cancelled() && !endsWith(github.repository, '-enterprise') }}
run: |
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
chmod +x /usr/local/bin/datadog-ci
- name: upload coverage
# do not run on forks
if: ${{ !cancelled() && env.DATADOG_API_KEY}}
env:
DD_ENV: ci
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" ${{env.TEST_RESULTS}}/gotestsum-report.xml
# upload-artifact requires a unique ID per run. These steps will overlap with other users of the reusable workflow.
# We use a random string rather than trying to pass in some identifying information.
- id: generate-run-id
run: |
RUN_ID=$(head /dev/urandom | tr -dc A-Z | head -c8)
echo "The run ID is $RUN_ID"
echo "run-id=$RUN_ID" >> "$GITHUB_OUTPUT"
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
if: ${{ !cancelled() }}
with:
name: ${{ steps.generate-run-id.outputs.run-id }}-test-results
path: ${{env.TEST_RESULTS}}
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
if: ${{ !cancelled() }}
with:
name: ${{ steps.generate-run-id.outputs.run-id }}-jsonfile
path: /tmp/jsonfile
- name: "Re-run fails report"
if: ${{ !cancelled() }}
run: |
.github/scripts/rerun_fails_report.sh /tmp/gotestsum-rerun-fails